Hello all. We use CentOS 7 ,FreeIPA 4.4, Apache 2.4 We installed audit system like http://www.freeipa.org/page/Centralized_Logging for monitoring "Who's What's Doing". Audit system parsing /var/log/httpd/error_log and logging to Elasticsearch.
Some string for Remove user from group in FreeIPA from /var/log/httpd/error_log: [Wed Feb 15 03:46:07.381231 2017] [:error] [pid 31732] ipa: INFO: admin-u...@domain.com: batch: group_remove_member(u'somegroup', user=u'someuser'): SUCCESS Parsed string loaded in Elasticsearch: { "_index": "logstash-2017.02.15", "_type": "events", "_id": "Uniq-ID", "_score": null, "_source": { "timestamp": "2017-02-15T03:46:08-06:00", "status": "SUCCESS", "parameters": "'u'somegroup', user=u'someuser'", "action": "group_remove_member", "principal": "admin-u...@domain.com", "pid": "31732", "event.tags": [ "ipa", "ipa-call", "batch" ], "host": "server-1", "facility": "local0", "severity": "notice", "tag": "httpderror", "message": " [Wed Feb 15 03:46:07.381231 2017] [:error] [pid 31732] ipa: INFO: admin-u...@domain.com: batch: group_remove_member(u'somegroup', user=u'someuser'): SUCCESS" }, "fields": { "timestamp": [ 1487151968000 ] }, "sort": [ 1487151968000 ] } But we need add IP-address of admin-u...@domain.com outputting to error_log. How can add IP-address to this error_log file ?
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project